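import { NextRequest, NextResponse } from 'next/server';

// NOTE(review): Next.js documents `export const config`; this file declares
// `config` here and re-exports it at the bottom. Confirm the build picks up
// the matcher in this form.
const config = {
  matcher: [
    /*
     * Match all paths except for:
     * 1. /api routes
     * 2. /_next (Next.js internals)
     * 3. /_static (inside /public)
     * 4. /_vercel
     * 5. all root files inside /public (e.g. /favicon.ico)
     */
    '/((?!api/|_next/|_static/|_vercel|[\\w-]+\\.\\w+).*)',
  ],
};

/**
 * Cookies cleared on logout or on a sign-in error.
 *
 * NOTE(review): the KEYCLOAK_*, KC_RESTART, JSESSIONID and AUTH_SESSION_ID*
 * names look like cookies owned by the identity provider. A Set-Cookie from
 * this app can only expire cookies on this origin whose path and domain
 * match, so confirm these entries have any effect. Clearing browser cookies
 * also does not end a server-side SSO session or revoke an already issued
 * token; that needs the provider's logout endpoint.
 *
 * NOTE(review): NextAuth may split a large session token into suffixed
 * cookies (`<name>.0`, `<name>.1`, ...). Those names are not listed here.
 */
const AUTH_COOKIE_NAMES: readonly string[] = [
  'next-auth.session-token',
  'next-auth.csrf-token',
  'next-auth.callback-url',
  '__Secure-next-auth.session-token',
  '__Host-next-auth.csrf-token',
  'KEYCLOAK_SESSION',
  'KEYCLOAK_IDENTITY',
  'KC_RESTART',
  'JSESSIONID',
  'AUTH_SESSION_ID',
  'AUTH_SESSION_ID_LEGACY',
];

/**
 * Expire one cookie on the outgoing response.
 *
 * Browsers ignore any Set-Cookie for a `__Secure-` or `__Host-` name unless
 * it carries the Secure attribute (and, for `__Host-`, Path=/ with no
 * Domain). `cookies.delete(name)` is given the name only, so the expiring
 * header it produces is not guaranteed to carry Secure. For prefixed names
 * the header is therefore written explicitly, so the deletion is accepted.
 *
 * @param response - Response whose Set-Cookie headers are being built.
 * @param name - Cookie name to expire.
 */
function expireCookie(response: NextResponse, name: string): void {
  const needsSecure = name.startsWith('__Secure-') || name.startsWith('__Host-');
  if (needsSecure) {
    response.cookies.set(name, '', {
      expires: new Date(0),
      path: '/',
      secure: true,
    });
    return;
  }
  // Unprefixed cookies: Secure must not be forced, because a plain-HTTP
  // (development) origin cannot set a Secure cookie at all.
  response.cookies.delete(name);
}

/**
 * Pass every matched request through, clearing auth cookies when the request
 * is for a logout page (`/loggedout`, `/signout`) or for `/signin` with an
 * `error` query parameter.
 *
 * The cleanup is triggered by the path alone, so any navigation to one of
 * these URLs clears the cookies. This is hygiene, not session revocation.
 *
 * @param req - Incoming request; only `nextUrl` is read.
 * @returns The pass-through response, with expiring Set-Cookie headers added
 *   when the cleanup condition holds.
 */
export default async function middleware(req: NextRequest) {
  const { pathname, searchParams } = req.nextUrl;
  const response = NextResponse.next();

  const isLogout = pathname === '/loggedout' || pathname === '/signout';
  const isSigninError = pathname === '/signin' && searchParams.has('error');

  if (isLogout || isSigninError) {
    for (const name of AUTH_COOKIE_NAMES) {
      expireCookie(response, name);
    }
  }

  return response;
}

export { config };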